CN109831438B - Two-way communication system and method between avionic network domain and information network domain based on virtualization - Google Patents


Publication number: CN109831438B
Authority: CN (China)
Prior art keywords: network, communication, module, avionic, virtual machine
Legal status: Active
Application number: CN201910121792.0A
Other languages: Chinese (zh)
Other versions: CN109831438A (en)
Inventors: 张双, 郑涛, 万欣宇, 刘绚, 王辰娇, 杨佳
Current Assignee: Xian Aeronautics Computing Technique Research Institute of AVIC
Original Assignee: Xian Aeronautics Computing Technique Research Institute of AVIC
Application filed by: Xian Aeronautics Computing Technique Research Institute of AVIC
Priority to: CN201910121792.0A
Application publication: CN109831438A
Granted publication: CN109831438B

Landscapes

  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a virtualization-based bidirectional communication system and method between an avionic network domain and an information network domain, intended to solve the problems of security isolation and flow-direction protection for bidirectional communication between the two domains in an airborne environment. The invention designs a two-way secure communication architecture model based on virtualization technology in the network domain boundary control device of the airborne information network. Virtual machine management software arranged at the system privilege layer creates an avionic network access control virtual machine and an information network access control virtual machine. The modules that communicate with high-security-level applications are deployed in the avionic network access control virtual machine, the modules that communicate with low-security-level applications are deployed in the information network access control virtual machine, and the program modules run isolated from each other. This realizes the physical isolation of the high- and low-security-level communication control modules within the module, solves the problems of security isolation and flow-direction protection of two-way communication between the avionic network domain and the information network domain in an airborne environment, and provides a solution for two-way secure communication between the civil airborne information network and the avionic network.

Description

Two-way communication system and method between avionic network domain and information network domain based on virtualization
Technical Field
The invention relates to a two-way communication system and a method between an avionic network domain and an information network domain.
Background
In the field of aviation, the high-safety applications running in an avionics system guarantee the normal operation of the whole aircraft. In a traditional aircraft electronic system, avionic data is transmitted within a closed airborne environment over an avionic network (such as avionic full-duplex switched Ethernet), so it is not exposed to external information security attacks and its security is ensured. With the widespread application of information technology in civil avionics systems, aircraft designers have introduced an Ethernet-based onboard information service system in order to provide aircraft operators with more numerous and more convenient services; it implements diverse information services by hosting and running low-security-level applications.
The network of the new civil aircraft avionics system is divided into a high-safety avionics network domain and a low-safety information network domain: applications with a higher safety level (safety levels A-C) reside and run in the avionics network domain, and applications with a lower safety level (safety levels D-E) reside and run in the information network domain. To fulfill the service function requirements, a large amount of data needs to be exchanged in real time between the high-security-level applications and the low-security-level applications. The avionic network domain therefore faces network information security threats from the information network domain, which in turn adversely affect the security of the avionic network domain and the operational safety of the aircraft.
Disclosure of Invention
The invention provides a virtualization-based bidirectional communication system and method between an avionic network domain and an information network domain, which aims to effectively solve the problems of safety isolation and flow direction protection of bidirectional communication between the avionic network domain and the information network domain in an airborne environment.
The technical scheme of the invention is as follows:
The virtualization-based two-way communication system between the avionics network domain and the information network domain is characterized in that the bidirectional communication system is arranged in a network domain boundary control device of an onboard information network and comprises the following program modules:
virtual machine management software: arranged at the system privilege layer and used for creating an avionic network access control virtual machine and an information network access control virtual machine; a virtual machine safety communication management module runs in the virtual machine management software and is used for realizing communication among the virtual machines;
the avionic network access control virtual machine: an avionic network communication access control module, an avionic network sending module, an avionic network receiving module and an avionic network end node driver run inside it;
the avionic network communication access control module: used for receiving, through the virtual machine safety communication management module, messages sent by the information network access control virtual machine, checking and controlling the compliance of the received messages, sending compliant messages to the avionic network sending module and discarding non-compliant messages;
the avionic network sending module: used for encapsulating avionic network communication frames according to the sending configuration and calling the avionic network end node driver to send them;
the avionic network receiving module: used for calling the avionic network end node driver to receive avionic network communication frames according to the receiving configuration and, after a communication frame is parsed, sending the message to the information network communication agent module through the virtual machine safety communication management module;
the avionic network end node driver: the device driver for the avionic network end node hardware;
the information network access control virtual machine: an information network communication agent module and an information network end node driver run inside it;
the information network communication agent module: used for realizing the communication agent function for low-security-level applications in the information network, and for checking and controlling the messages entering and leaving the network domain boundary control device: when sending, messages that pass the check are sent to the avionic network sending control module; when receiving, messages are received from the avionic network receiving module;
the information network end node driver: the device driver for the information network end node hardware.
Further, the system also comprises a running state monitoring virtual machine created by the virtual machine management software; a monitoring and log recording module runs in the running state monitoring virtual machine;
the monitoring and log recording module is used for monitoring the running states of the information network communication agent module, the avionic network communication access control module, the avionic network sending module and the avionic network receiving module in the data transmission process and recording and storing logs at the same time.
The invention also provides a two-way communication method between the avionics network domain and the information network domain based on virtualization, which is characterized in that,
the data transmission process from the information network domain to the avionics network domain comprises the following steps:
1.1) the information network communication agent module receives a data message sent by a low-security level application in an information network domain, checks whether the data message is credible according to an information network access control rule, sends a response message to the low-security level application if the data message is credible, and then goes to step 1.2); if the data message is not credible, discarding the data message and terminating the transmission process;
1.2) the credible data message is sent to the virtual machine safety communication management module through a communication pipeline; the virtual machine safety communication management module checks the compliance of the sender and the receiver of the data message according to the virtual machine communication control rule; if the sender and the receiver are both compliant, the data message is sent to the avionic network communication access control module through the communication pipeline, and the process goes to step 1.3); if either the sender or the receiver is not compliant, the data message is discarded and the transmission process is terminated;
1.3) the avionic network communication access control module checks the compliance of the received data message according to the avionic network access control rule; if the data message is compliant, it is sent to the avionic network sending module through a communication pipeline, and the process goes to step 1.4); if the data message is not compliant, it is discarded and the transmission process is terminated;
1.4) after receiving the data message, the avionic network sending module firstly encapsulates the data message into an avionic network communication frame according to network configuration, and then sends the avionic network communication frame to a high-security-level application located in an avionic network domain through the avionic network end node drive;
the data transmission process from the avionics network domain to the information network domain comprises the following steps:
2.1) the avionic network receiving module receives an avionic network communication frame sent by a high-security-level application in an avionic network domain according to network configuration;
2.2) the avionic network receiving module unpacks the avionic network communication frames and sends the avionic network communication frames to the virtual machine safety communication management module through a communication pipeline;
2.3) the virtual machine safety communication management module checks the compliance of a sender and a receiver of the data message according to the virtual machine communication control rule for the received data message, if the sender and the receiver are both compliant, the data message is sent to the information network communication agent module through a communication pipeline, and the step 2.4 is carried out; if any one of the sender and the receiver is not compliant, discarding the data message and terminating the transmission process;
2.4) after receiving the compliant data message, the information network communication agent module sends it to the low-security-level application in the information network domain according to the information network access control rule.
Furthermore, in the transmission process of data between the avionic network domain and the information network domain, the operation states of the information network communication agent module, the avionic network communication access control module, the avionic network sending module and the avionic network receiving module are monitored in real time, and meanwhile, logs are recorded and saved.
Further, the information network access control rule in step 1.1) and step 2.4) is composed of a sender IP address, a sender communication port number, a signature algorithm and an algorithm key.
Further, the virtual machine communication control rule in step 1.2) and step 2.3) is composed of a sender virtual machine number, a sender virtual machine priority, a receiver virtual machine number, a receiver virtual machine priority, and a communication direction.
Further, the avionic network access control rule in step 1.3) is composed of a sender IP address, a sender data message name, a receiver avionic network address, a receiver communication port number, a message unique value, and a message length.
The invention has the advantages that:
1. The invention designs a two-way secure communication architecture model based on virtualization technology in the network domain boundary control device of the airborne information network. Virtual machine management software arranged at the system privilege layer creates an avionic network access control virtual machine and an information network access control virtual machine; the modules that communicate with high-security-level applications are deployed in the avionic network access control virtual machine, the modules that communicate with low-security-level applications are deployed in the information network access control virtual machine, and the units (program modules) run isolated from each other. This realizes the physical isolation of the high- and low-security-level communication control modules within the module, solves the problems of security isolation and flow-direction protection of two-way communication between the avionic network domain and the information network domain in an airborne environment, and provides a solution for two-way secure communication between the civil airborne information network and the avionic network.
2. According to the invention, access control check is carried out on data communication according to the information network access control rule, the virtual machine communication control rule and the avionic network access control rule, so that fine-grained mandatory access control is realized.
Drawings
FIG. 1 is a schematic diagram of the overall architecture of the present invention.
FIG. 2 is a data flow model of an information network domain to an avionics network domain according to the present invention.
FIG. 3 is a data flow model of an avionics network domain to an information network domain in accordance with the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
The invention realizes the two-way communication safety between the avionic network domain and the information network domain.
1. Architecture composition
The architecture of the present invention is shown in fig. 1, and includes the following program modules disposed in the network domain boundary control device:
Avionics network access control virtual machine 101: the virtual machine runs on top of the virtual machine management software 106; inside it run the avionics network communication access control module 102, the avionics network transmit module 103, the avionics network receive module 104 and the avionics network end node driver 105.
Avionics network communication access control module 102: the module is located in the avionics network access control virtual machine 101 and is used for completing avionics network transmission check and control. The module receives the message sent by the information network communication agent module 109 through the virtual machine security communication management module 107, checks the compliance of the message and controls its sending according to the avionic network access control rule, sends compliant messages to the avionic network sending module 103, and discards non-compliant messages.
Avionics network transmission module 103: the module is located in the avionics network access control virtual machine 101 and is used for completing an avionics network message sending function. The module encapsulates the avionics network communication frames according to the transmission configuration and invokes the avionics network end node driver 105 to transmit the avionics network communication frames.
Avionics network reception module 104: the module is located in the avionics network access control virtual machine 101 and is used for completing an avionics network communication frame receiving function. The module calls the avionic network end node driver 105 to receive an avionic network communication frame according to the receiving configuration, and after the communication frame is analyzed, the module sends a message to the information network communication agent module 109 through the virtual machine secure communication management module 107.
Avionics network end node driver 105: the module is located in the avionics network access control virtual machine 101 and is used for completing the device driving function of the avionics network end node hardware.
The virtual machine management software 106: the software works in a system privilege layer and is used for completing the functions of virtual machine creation and communication between virtual machines. The software creates an avionics network access control virtual machine 101, an information network access control virtual machine 108 and an operating state monitoring virtual machine 111, and the software internally runs a virtual machine security communication management module 107.
Virtual machine secure communication management module 107: this module is located in the virtual machine management software 106 and is used to complete the secure communication and management functions between the virtual machines. The module realizes communication between the virtual machines according to the communication configuration.
Information network access control virtual machine 108: the virtual machine runs on top of the virtual machine management software 106; inside it run an information network communication agent module 109 and an information network end node driver 110.
Information network communication agent module 109: the module is located in the information network access control virtual machine 108, performs the communication agent function for low-security-level applications in the information network, and checks and controls the messages entering and leaving the network domain boundary control device. When sending, messages that pass the check are sent to the avionics network sending control module 103; when receiving, messages are received from the avionics network reception module 104.
Information network end node driver 110: the module is located in the information network access control virtual machine 108 and completes the device driving function of the information network end node hardware.
The running state monitoring virtual machine 111: the virtual machine runs on top of the virtual machine management software 106, inside which runs a monitoring and logging module 112.
The monitoring and logging module 112: this module is located within the run state monitoring virtual machine 111. In the working process, the module monitors the running states of the information network communication agent module 109, the avionic network communication access control module 102, the avionic network sending module 103 and the avionic network receiving module 104, and records and stores logs at the same time.
2. Data flow control model
The invention isolates the program modules through virtual machines and realizes separate control of the communication flow direction through one-way control of communication messages; the data flow models are shown in fig. 2 and fig. 3.
As shown in fig. 2, the data transmission process from the information network domain to the avionics network domain is as follows:
Step 1: the low-security-level application in the information network domain sends a data message to the information network communication agent module 109, and after receiving the data message, the information network communication agent module 109 checks whether the data message is trusted according to the information network access control rule; if the data message is trusted, it sends a response message to the low-security-level application and goes to step 2; otherwise, the data message is discarded and the transmission process is terminated. The information network access control rule consists of a sender IP address, a sender communication port number, a signature algorithm and an algorithm key.
Step 2: the information network communication agent module 109 sends the data message to the virtual machine secure communication management module 107 via the communication pipe.
Step 3: after receiving the data message, the virtual machine security communication management module 107 checks the compliance of the sender and the receiver of the data message according to the virtual machine communication control rule; if both the sender and the receiver are compliant, it sends the data message to the avionic network communication access control module 102 through the communication pipeline and goes to step 4; otherwise, the data message is discarded and the transmission process is terminated. The virtual machine communication control rule is composed of a sender virtual machine number, a sender virtual machine priority, a receiver virtual machine number, a receiver virtual machine priority and a communication direction.
Step 4: after receiving the data message, the avionics network communication access control module 102 checks the compliance of the data message according to the avionics network access control rule; if the data message is compliant, it is sent to the avionics network sending module 103 through a communication pipeline and the process goes to step 5; otherwise, the message is discarded and the transmission process is terminated. The avionic network access control rule consists of a sender IP address, a sender data message name, a receiver avionic network address, a receiver communication port number, a message unique value and a message length.
Step 5: after receiving the data message, the avionic network transmission module 103 encapsulates the data message into an avionic network communication frame according to network configuration, and then transmits the avionic network communication frame to a high-security-level application located in the avionic network domain through the avionic network end node driver 105.
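The three checks in steps 1, 3 and 4 above can be modelled as default-deny allowlists built from the rule fields the patent lists; this is an added example, not code from the patent. Exact-match evaluation, HMAC-SHA256 as the signature algorithm, and every address, port, VM number, priority and message name below are assumptions.

```python
"""Default-deny model of the checks on the information -> avionics path.

Only the rule field names come from the patent text; HMAC-SHA256, exact-match
evaluation and every concrete value below are constructed for illustration.
"""
import hmac
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Message:
    sender_ip: str
    sender_port: int
    name: str            # sender data message name
    unique_value: int    # message unique value
    dest_addr: str       # receiver avionic network address
    dest_port: int       # receiver communication port number
    payload: bytes
    signature: bytes = b""


INFO_VM, AVIONICS_VM = 2, 1                  # constructed VM numbers
VM_PRIORITY = {INFO_VM: 5, AVIONICS_VM: 1}   # constructed VM priorities

# Information network rule: (sender IP, sender port) -> (algorithm, key).
INFO_RULES = {("192.0.2.10", 5000): ("sha256", b"constructed-demo-key")}
# VM rule: (sender VM, sender priority, receiver VM, receiver priority, direction).
VM_RULES = {
    (INFO_VM, 5, AVIONICS_VM, 1, "info->avionics"),
    (AVIONICS_VM, 1, INFO_VM, 5, "avionics->info"),
}
# Avionic network rule: (sender IP, message name, receiver avionic address,
# receiver port, message unique value, message length).
AVIONICS_RULES = {("192.0.2.10", "CABIN_TEMP", "VL-12", 2001, 0x1001, 4)}


def sign(key, algorithm, msg):
    """Keyed digest over name and payload (assumed signature scheme)."""
    data = msg.name.encode() + b"\x00" + msg.payload
    return hmac.new(key, data, algorithm).digest()


def signed(msg):
    """Sender side: attach the signature the proxy will verify."""
    algorithm, key = INFO_RULES[(msg.sender_ip, msg.sender_port)]
    return replace(msg, signature=sign(key, algorithm, msg))


def check_info_rule(msg):
    """Step 1: known sender endpoint and a valid signature, else untrusted."""
    rule = INFO_RULES.get((msg.sender_ip, msg.sender_port))
    if rule is None:
        return False
    algorithm, key = rule
    return hmac.compare_digest(sign(key, algorithm, msg), msg.signature)


def check_vm_rule(sender_vm, receiver_vm, direction):
    """Step 3: both VMs and the flow direction must match one rule."""
    entry = (sender_vm, VM_PRIORITY.get(sender_vm),
             receiver_vm, VM_PRIORITY.get(receiver_vm), direction)
    return entry in VM_RULES


def check_avionics_rule(msg):
    """Step 4: every listed field, including payload length, must match."""
    entry = (msg.sender_ip, msg.name, msg.dest_addr, msg.dest_port,
             msg.unique_value, len(msg.payload))
    return entry in AVIONICS_RULES


def forward_to_avionics(msg, sender_vm=INFO_VM, receiver_vm=AVIONICS_VM):
    """Return ("forwarded", None) or ("dropped", name of the rejecting stage)."""
    if not check_info_rule(msg):
        return ("dropped", "info-rule")
    if not check_vm_rule(sender_vm, receiver_vm, "info->avionics"):
        return ("dropped", "vm-rule")
    if not check_avionics_rule(msg):
        return ("dropped", "avionics-rule")
    return ("forwarded", None)


# Constructed sample message from a low-security-level application.
SAMPLE = signed(Message("192.0.2.10", 5000, "CABIN_TEMP", 0x1001,
                        "VL-12", 2001, b"\x00\x00\x00\x17"))

if __name__ == "__main__":
    oversized = signed(replace(SAMPLE, payload=b"\x00" * 8))
    for label, m in (("sample", SAMPLE), ("oversized", oversized)):
        print(label, forward_to_avionics(m))
```

A correctly signed message with the wrong length passes the first two stages and is still dropped at the avionic network rule, which is why the third check exists independently of sender authentication.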
As shown in fig. 3, the data transmission process from the avionics network domain to the information network domain is as follows:
Step 1: the high-security-level application located in the avionics network domain sends an avionics network communication frame over the avionics network to the avionics network end node driver 105 in the network domain border control device, and the frame is received by the avionics network receive module 104 according to the network configuration.
Step 2: the avionic network receiving module 104 unpacks the avionic network communication frames and sends them to the virtual machine secure communication management module 107 through a communication pipeline.
Step 3: after receiving the data message, the virtual machine safety communication management module 107 checks the compliance of the sender and the receiver of the data message according to the virtual machine communication control rule; if the sender and the receiver are both compliant, the data message (avionic data) is sent to the information network communication agent module 109 through a communication pipeline; otherwise, the data message is discarded and the transmission process is terminated.
Step 4: after receiving the compliant data message (avionic data), the information network communication proxy module 109 sends it to a low-security-level application located in the information network domain according to the information network access control rules.
In the process of transmitting data between the avionics network domain and the information network domain, the monitoring and logging module 112 monitors the operation states of the information network communication agent module 109, the avionics network communication access control module 102, the avionics network transmitting module 103 and the avionics network receiving module 104 in real time. When the monitoring and log recording module 112 detects a fault in operation, it records a fault log and restores the information network communication agent module 109, the avionic network communication access control module 102, the avionic network sending module 103 and the avionic network receiving module 104 to a normal operation state; if 3 consecutive recoveries fail, the recovery operation is stopped and a fault log is recorded.

Claims (5)

1. Two-way communication system between avionics network domain and information network domain based on virtualization is characterized in that: the bidirectional communication system is arranged in a network domain boundary control device of an onboard information network and comprises the following program modules:
virtual machine management software (106): the system is arranged at a system privilege layer and used for creating an avionics network access control virtual machine (101) and an information network access control virtual machine (108), and a virtual machine safety communication management module (107) runs in virtual machine management software (106); the virtual machine safety communication management module (107) is used for realizing communication among the virtual machines; an operation state monitoring virtual machine (111) created by the virtual machine management software (106);
avionics network access control virtual machine (101): an avionic network communication access control module (102), an avionic network transmitting module (103), an avionic network receiving module (104) and an avionic network end node driver (105) run inside it;
an avionics network communication access control module (102): the system is used for receiving messages sent by an information network access control virtual machine (108) through a virtual machine safety communication management module (107), carrying out sending check and control on the compliance of the received messages, sending the compliant messages to an avionic network sending module (103), and discarding the non-compliant messages;
avionics network transmission module (103): used for encapsulating the avionic network communication frame according to the sending configuration and calling the avionic network end node driver (105) to send the avionic network communication frame;
avionics network reception module (104): the device is used for calling an avionic network end node driver (105) to receive an avionic network communication frame according to the receiving configuration, and after the communication frame is analyzed, a message is sent to an information network communication agent module (109) through a virtual machine security communication management module (107);
avionics network end node driver (105): a device driver for implementing avionic network end node hardware;
information network access control virtual machine (108): an information network communication agent module (109) and an information network end node driver (110) run inside it;
information network communication agent module (109): the system is used for realizing the low-security-level application communication agent function in the information network, and checking and controlling the messages entering and exiting the network domain boundary control device: when sending, the message that the check passes is sent to the avionic network sending control module (103); upon receipt, receiving a message from an avionics network reception module (104);
information network end node driver (110): the device driver is used for realizing the hardware of the information network end node;
a monitoring and log recording module (112) runs in the running state monitoring virtual machine (111);
the monitoring and logging module (112) is used for monitoring the operation states of the information network communication agent module (109), the avionic network communication access control module (102), the avionic network sending module (103) and the avionic network receiving module (104) in the data transmission process and recording and storing logs at the same time.
2. A two-way communication method between an avionics network domain and an information network domain based on virtualization is characterized in that,
the data transmission process from the information network domain to the avionics network domain comprises the following steps:
1.1) the information network communication agent module (109) receives a data message sent by a low-security-level application in the information network domain and checks, according to the information network access control rule, whether the data message is credible; if the data message is credible, the module sends a response message to the low-security-level application and the process goes to step 1.2); if the data message is not credible, the data message is discarded and the transmission process is terminated;
1.2) the credible data message is sent through a communication pipeline to the virtual machine safety communication management module (107), which checks the compliance of the sender and the receiver of the data message according to the virtual machine communication control rule; if the sender and the receiver are both compliant, the data message is sent through the communication pipeline to the avionic network communication access control module (102), and the process goes to step 1.3); if either the sender or the receiver is not compliant, the data message is discarded and the transmission process is terminated;
1.3) the avionic network communication access control module (102) checks the compliance of the received data message according to the avionic network access control rule; if the data message is compliant, it is sent through a communication pipeline to the avionic network sending module (103), and the process goes to step 1.4); if the data message is not compliant, the data message is discarded and the transmission process is terminated;
1.4) after receiving the data message, the avionic network sending module (103) encapsulates it into an avionic network communication frame according to the network configuration, and then transmits the avionic network communication frame, through the avionic network end node driver (105), to a high-security-level application located in the avionic network domain;
the data transmission process from the avionics network domain to the information network domain comprises the following steps:
2.1) the avionics network receiving module (104) receives, according to the network configuration, an avionics network communication frame sent by a high-security-level application located in the avionics network domain;
2.2) the avionic network receiving module (104) unpacks the avionic network communication frame and sends the resulting data message through a communication pipeline to the virtual machine safety communication management module (107);
2.3) the virtual machine safety communication management module (107) checks the compliance of the sender and the receiver of the received data message according to the virtual machine communication control rule; if the sender and the receiver are both compliant, the data message is sent through a communication pipeline to the information network communication agent module (109); if either the sender or the receiver is not compliant, the data message is discarded and the transmission process is terminated;
2.4) after receiving the compliant data message, the information network communication agent module (109) sends it to the low-security-level application in the information network domain according to the information network access control rule;
2.5) while data is transmitted between the avionic network domain and the information network domain, the operation states of the information network communication agent module (109), the avionic network communication access control module (102), the avionic network sending module (103) and the avionic network receiving module (104) are monitored in real time, and logs are recorded and stored at the same time.
3. The virtualization-based two-way communication method between an avionics network domain and an information network domain according to claim 2, wherein: the information network access control rule in step 1.1) and step 2.4) consists of a sender IP address, a sender communication port number, a signature algorithm and an algorithm key.
4. The virtualization-based two-way communication method between an avionics network domain and an information network domain according to claim 2, wherein: the virtual machine communication control rule in step 1.2) and step 2.3) consists of a sender virtual machine number, a sender virtual machine priority, a receiver virtual machine number, a receiver virtual machine priority and a communication direction.
5. The virtualization-based two-way communication method between an avionics network domain and an information network domain according to claim 2, wherein: the avionics network access control rule in step 1.3) consists of a sender IP address, a sender data message name, a receiver avionics network address, a receiver communication port number, a message unique value and a message length.
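The chained default-deny checks of steps 1.1) to 1.3), using the rule fields listed in claims 3 to 5, can be sketched as follows. This is an added illustration, not code from the patent. HMAC-SHA256 (the patent names no signature algorithm), the fields covered by the signature, the exact-length match, and all field names, function names and rule values are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Msg:
    src_ip: str        # information-network sender address
    src_port: int
    name: str          # data message name
    unique: int        # "message unique value"
    dst_addr: str      # receiver avionics network address
    dst_port: int
    payload: bytes
    sig: bytes = b""

# Constructed sample rules; every value below is illustrative.
INFO_RULES = {("192.0.2.10", 5000): ("hmac-sha256", b"demo-key")}        # claim 3
VM_RULES = {(2, 1, 1, 3, "info->avionics")}                              # claim 4
AVIONICS_RULES = {("192.0.2.10", "CABIN_STATUS", "vl-12", 7001, 42, 8)}  # claim 5

def signed_bytes(m):
    # Assumption: the signature covers the routing fields as well as the payload.
    return f"{m.name}|{m.unique}|{m.dst_addr}|{m.dst_port}|".encode() + m.payload

def sign(m, key):
    return hmac.new(key, signed_bytes(m), hashlib.sha256).digest()

def check_info(m):                        # step 1.1, agent module (109)
    alg, key = INFO_RULES.get((m.src_ip, m.src_port), (None, b""))
    return alg == "hmac-sha256" and hmac.compare_digest(sign(m, key), m.sig)

def check_vm(src_vm, dst_vm, direction):  # step 1.2, module (107)
    # Each VM is (number, priority); the full tuple must be listed.
    return (*src_vm, *dst_vm, direction) in VM_RULES

def check_avionics(m):                    # step 1.3, module (102)
    return (m.src_ip, m.name, m.dst_addr, m.dst_port, m.unique,
            len(m.payload)) in AVIONICS_RULES

def forward(m, src_vm=(2, 1), dst_vm=(1, 3), direction="info->avionics"):
    """Run the three checks in order; return (delivered, log)."""
    log = []
    stages = [("1.1", lambda: check_info(m)),
              ("1.2", lambda: check_vm(src_vm, dst_vm, direction)),
              ("1.3", lambda: check_avionics(m))]
    for step, check in stages:
        ok = check()
        log.append((step, "pass" if ok else "drop"))  # record for module (112)
        if not ok:
            return False, log                         # discard and terminate
    return True, log                                  # hand to sending module (103)
```

The returned log shows which stage discarded a message, which is the kind of record the monitoring and logging module (112) would store.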
CN201910121792.0A 2019-02-19 2019-02-19 Two-way communication system and method between avionic network domain and information network domain based on virtualization Active CN109831438B (en)

Publications (2)

Publication Number Publication Date
CN109831438A CN109831438A (en) 2019-05-31
CN109831438B CN109831438B (en) 2022-03-11
